Secrets quality profile is not getting picked by sonarqube analysis

Sonarqube version : sonarqube- / Developer Edition

Sonarqube analysis is not picking up Secrets quality profile though there are secrets in the scanned code.
The quality profile is assigned to all our projects but still shows usage as Never.

How to make the sonarqube use secret profile?

It’s the same on our own internal instance of SonarQube. :thinking: I’ll flag this for attention.

Hey @RekhaY

This is indeed confusing. The profile is displayed as “used never,” while I believe if you check your logs, you will find TextAndSecretsSensor executed.

It’s a known limitation, as “Secrets” is not an actual language, and all files in the project are actually analyzed. As technically no file has “Secrets” language, corresponding profile is not marked as used.

Thanks for the feedback; we will see how we can improve this.